learn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly syncs and reads external "artifacts" and brain data (e.g., running git fetch/merge on $GSTACK_HOME, calling ~/.claude/skills/gstack/bin/gstack-brain-sync and using gbrain in remote-http mode or a URL from ~/.gstack-artifacts-remote.txt), and its workflow says "If artifacts are listed, read the newest useful one" and to prefer gbrain search—so it will ingest and act on potentially public/third-party content pulled from remote repos or a remote brain server.